Solved: Re: how to remove characters from strings

hqw · ‎07-21-2016

Hi all,

I have some value under geologic_city fields as below, but it has some problems. For example, actually Anshan and Anshan Shi is the same city, and i have multiple cities have this issue. I want to remove all "Shi" if the string has. Can anyone help me on this?

Thanks

javiergn · ‎07-21-2016

Try this:

| eval geoloc_city = trim(replace(geoloc_city, "Shi", ""))

Careful as it is case sensitive

EDIT. You can have a more granular control (including case insensitive mode) by using rex:

| rex field=geoloc_city "(?i)^(?<geoloc_city>.+?)(\sShi)?$"

View solution in original post

javiergn · ‎07-21-2016

Try this:

| eval geoloc_city = trim(replace(geoloc_city, "Shi", ""))

Careful as it is case sensitive

EDIT. You can have a more granular control (including case insensitive mode) by using rex:

| rex field=geoloc_city "(?i)^(?<geoloc_city>.+?)(\sShi)?$"

hqw · ‎07-21-2016

Thanks a lot javiergn, it works!

how to remove characters from strings

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

Are you a member of the Splunk Community?

how to remove characters from strings

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes